RE: SSH accepts protocol version 1.99
From: Bennett R. Samowich (brs_at_fsproduce.com)
Date: Tue, 19 Aug 2003 14:15:44 -0400
To: <firstname.lastname@example.org>
Yes, it was through nessus. I also confirmed it by setting PuTTY to use
protocol version 1 and it still connected. I couldn't find any mention
of disabling version 1 (except for the Protocol config option). Is it
possible that this is a bug?
From: Chris Odell [mailto:email@example.com]
Sent: Tuesday, August 19, 2003 2:02 PM
To: Bennett R. Samowich; firstname.lastname@example.org
Subject: RE: SSH accepts protocol version 1.99
Were your findings via "Nessus"? I was wondering the same after I
removed everything except for version 2 from the config and was
presented with the same results.
From: Bennett R. Samowich [mailto:email@example.com]
Sent: Monday, August 18, 2003 1:45 PM
Subject: SSH accepts protocol version 1.99
During an audit we discovered that our SSH daemons allowed protocols
1.99 and 2.0. We have the line "Protocol 2" in the config file which I
thought would cause sshd to only allow protocol 2.0.
Is this true or am I missing something else?
Thanks in advance,
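
An added example, not part of the original thread or written by its posters: a small check that parses the identification string an SSH server sends on connect and flags any protocol version offered beyond what policy allows. It relies on the SSH transport specification (RFC 4253, section 5.1), under which a server announces "1.99" when it accepts both 2.0 and older clients; the function names and the sample banners are constructed for illustration.

```python
import re

# Identification string: "SSH-protoversion-softwareversion[ SP comments]"
IDENT_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def parse_ident(raw: bytes):
    """Return (protoversion, softwareversion) from the bytes a server sends first.

    A server may send other lines before the identification string; they do
    not start with "SSH-" and are skipped. Older servers end the line with a
    bare LF, newer ones with CR LF, so both are accepted.
    """
    for line in raw.decode("ascii", "replace").split("\n"):
        line = line.rstrip("\r")
        if not line.startswith("SSH-"):
            continue
        match = IDENT_RE.match(line)
        if match is None:
            raise ValueError("malformed identification string: %r" % line)
        return match.group(1), match.group(2)
    raise ValueError("no SSH identification string found")

def offered_protocols(protoversion: str):
    """Map the announced protoversion to the set of major versions on offer."""
    if protoversion == "1.99":      # compatibility mode: protocol 1 and 2
        return {1, 2}
    major = int(protoversion.split(".")[0])
    if major in (1, 2):
        return {major}
    raise ValueError("unexpected protoversion: " + protoversion)

def audit_banner(raw: bytes, allowed=frozenset({2})):
    """Compare what the banner offers with policy (default: protocol 2 only)."""
    proto, software = parse_ident(raw)
    offered = offered_protocols(proto)
    return {
        "protoversion": proto,
        "software": software,
        "offered": sorted(offered),
        "violations": sorted(offered - allowed),
    }

# Constructed sample banners (not captured from any real host).
SAMPLE_COMPAT = b"SSH-1.99-OpenSSH_3.6.1p2\n"
SAMPLE_V2_ONLY = b"Authorized use only\r\nSSH-2.0-OpenSSH_3.6.1p2\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_COMPAT, SAMPLE_V2_ONLY):
        print(audit_banner(sample))
```

The banner shows only what the server announces; a connection attempt restricted to protocol 1, as done with PuTTY in the thread, confirms whether the older protocol is actually accepted.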